[wplug] OpenSSH keys problem

Carl Benedict cbenedic at pittsburghtechs.com
Wed Aug 20 05:14:45 EDT 2003


Try editing /etc/ssh/sshd_config on the new server. I took a brief look
and there is a line that says:

#PasswordAuthentication yes

Perhaps this is what you want to change?  Surely what you are looking
for is under the "authentication" section of the sshd_config file.

If you have access to the old server, try taking a look at its
sshd_config file and see what options are different versus the new
server.  Your second option would be the man pages.

If this is on a secure network, you could always use RSH.  IMHO that
would be a more simple solution if security is not important in this
scenario.

- Carl



On Tue, 2003-08-19 at 18:05, Scott Eicher wrote:
> I haven't set up an ssh-agent. I've read a little about it but I don't think
> that's what I'm looking for. What I'm trying to accomplish is to be able to
> create some scripts that will run from cron and scp some files from the
> client to the server without prompting for a password. I've got this working
> from the same client system to a different server that is running the same
> version of OpenSSH. It doesn't prompt me for a password but uses my RSA key
> every time.
> 
> Scott
> 
> -----Original Message-----
> From: Jonathan S Billings [mailto:billings at negate.org]
> Sent: Tuesday, August 19, 2003 5:28 PM
> To: wplug at wplug.org
> Subject: Re: [wplug] OpenSSH keys problem
> 
> 
> Have you set up an ssh-agent before trying to connect?  That's when you
> will enter your password, not during the connection session.  I suggest
> reading the 'ssh' and 'ssh-agent' manpages.  Also, make sure that if you
> are using the 2.0 protocol, you've created the appropriate rsa2 keys and
> stored the keys in the authorized_keys2 file.
> 
> Jonathan Billings
> 
> 
> 
> On Tue, 2003-08-19 at 17:10, Scott Eicher wrote:
> > I am trying to set up RSA/DSA key authentication from a RedHat 7.2 system
> > running OpenSSH-3.1p1-6 to a RedHat8.0 system running OpenSSH-3.4p1-2. I
> > have generated both RSA and DSA keys via the command ssh-keygen -t rsa and
> > ssh-keygen -t dsa. I have appended the keys to the
> > /home/username/.ssh/authorized_keys file on the system that I'm connecting
> > to. When I try to ssh to the RedHat8 system it always authenticates me back
> > to my password instead of to either of the keys. I have tried using both
> > keys independently by removing each of them from the keys file one at a time
> > but neither wants to work properly.
> > 
> > Here are the verbose debug lines:
> > 
> > OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
> > debug1: Reading configuration data /etc/ssh/ssh_config
> > debug1: Applying options for *
> > debug1: Rhosts Authentication disabled, originating port will not be
> > trusted.
> > debug1: restore_uid
> > debug1: ssh_connect: getuid 0 geteuid 0 anon 1
> > debug1: Connecting to HOSTIPADDRESS [HOSTIPADDRESS] port 22.
> > debug1: temporarily_use_uid: 0/0 (e=0)
> > debug1: restore_uid
> > debug1: temporarily_use_uid: 0/0 (e=0)
> > debug1: restore_uid
> > debug1: Connection established.
> > debug1: read PEM private key done: type DSA
> > debug1: read PEM private key done: type RSA
> > debug1: identity file /root/.ssh/identity type -1
> > debug1: identity file /root/.ssh/id_rsa type 1
> > debug1: identity file /root/.ssh/id_dsa type -1
> > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
> > debug1: match: OpenSSH_3.4p1 pat OpenSSH*
> > Enabling compatibility mode for protocol 2.0
> > debug1: Local version string SSH-2.0-OpenSSH_3.1p1
> > debug1: SSH2_MSG_KEXINIT sent
> > debug1: SSH2_MSG_KEXINIT received
> > debug1: kex: server->client aes128-cbc hmac-md5 none
> > debug1: kex: client->server aes128-cbc hmac-md5 none
> > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> > debug1: dh_gen_key: priv key bits set: 124/256
> > debug1: bits set: 1647/3191
> > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> > debug1: Host 'HOSTIPADDRESS' is known and matches the RSA host key.
> > debug1: Found key in /root/.ssh/known_hosts:1
> > debug1: bits set: 1635/3191
> > debug1: ssh_rsa_verify: signature correct
> > debug1: kex_derive_keys
> > debug1: newkeys: mode 1
> > debug1: SSH2_MSG_NEWKEYS sent
> > debug1: waiting for SSH2_MSG_NEWKEYS
> > debug1: newkeys: mode 0
> > debug1: SSH2_MSG_NEWKEYS received
> > debug1: done: ssh_kex2.
> > debug1: send SSH2_MSG_SERVICE_REQUEST
> > debug1: service_accept: ssh-userauth
> > debug1: got SSH2_MSG_SERVICE_ACCEPT
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug1: next auth method to try is publickey
> > debug1: try privkey: /root/.ssh/identity
> > debug1: try pubkey: /root/.ssh/id_rsa
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug1: try privkey: /root/.ssh/id_dsa
> > debug1: next auth method to try is keyboard-interactive
> > debug1: authentications that can continue:
> > publickey,password,keyboard-interactive
> > debug1: next auth method to try is password 
> > (HERE IT PROMPTS FOR THE PASSWORD, NOT THE PASSPHRASE)
> > 
> > Could this be a bug or am I doing something wrong? I'd like to get this
> > working without having to upgrade the openssh package on the client system.
> > 
> > Thanks,
> > Scott
> > _______________________________________________
> > wplug mailing list
> > wplug at wplug.org
> > http://www.wplug.org/mailman/listinfo/wplug
> -- 
> Jonathan S Billings <billings at negate.org>
> TSFNKP, President and Chief Lackey
> 
> 
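The comparison of the old and new servers' sshd_config files suggested at the top of this message, as an added example that is not part of the original thread: it lists only the directives whose active value differs, skipping lines that begin with `#` because those are not active settings. The function names `diff_sshd_config` and `demo` are hypothetical and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the ACTIVE directives of two sshd_config files.
# Keywords are case-insensitive, so they are lowercased before comparing.
# For a repeated keyword only the first value is kept, which is how sshd
# treats most options (multi-valued ones such as HostKey show one entry).
diff_sshd_config() {
    awk '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        {
            key = tolower($1)
            $1 = ""; sub(/^[ \t]+/, "")      # $0 is now the value only
            if (FILENAME == ARGV[1]) { if (!(key in old)) old[key] = $0 }
            else                     { if (!(key in new)) new[key] = $0 }
            seen[key] = 1
        }
        END {
            for (k in seen) {
                o = (k in old) ? old[k] : "(unset)"
                n = (k in new) ? new[k] : "(unset)"
                if (o != n) printf "%s: old=%s new=%s\n", k, o, n
            }
        }' "$1" "$2" | sort
}

# Constructed sample configs standing in for the two servers.
demo() {
    dir=$(mktemp -d)
    cat > "$dir/old" <<'EOF'
#Port 22
Protocol 2,1
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
#PasswordAuthentication yes
EOF
    cat > "$dir/new" <<'EOF'
Protocol 2
#PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys2
PasswordAuthentication yes
EOF
    diff_sshd_config "$dir/old" "$dir/new"
    rm -rf "$dir"
}

demo
```

A directive reported as `(unset)` on one side falls back to that server's compiled-in default, so the sshd_config man page for that version is the place to check what the default is.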




